what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 3 of 3

Files from WangTao

Android WAPPushManager SQL Injection

Posted Nov 26, 2014

Authored by WangTao, Zhang Donghui, WangYu

Android versions prior to 5.0 suffer from a remote SQL injection vulnerability in the opt module WAPPushManager.

tags | exploit, remote, sql injection

advisories | CVE-2014-8507

SHA-256 | 18706be9be8033c24e8c2f06033de0b992c7dd3941e112ef9d8ce5cecd8fdef9

Download | Favorite | View

Android SMS Resend

Posted Nov 26, 2014

Authored by WangTao, Zhang Donghui, WangYu

Android versions prior to 5.0 allow an unprivileged application the ability to resend all the SMS's stored in the users phone.

tags | exploit

advisories | CVE-2014-8610

SHA-256 | 9954c7e735f97d8deaa62bdd4dd7a93cbbb3e11d2057e1ba006ba091a07683fc

Download | Favorite | View

Android Settings Pendingintent Leak

Posted Nov 26, 2014

Authored by WangTao, Zhang Donghui, WangYu

In Android versions prior to 5.0 and possibly greater than and equal to 4.0, Settings application leaks Pendingintent with a blank base intent (neither the component nor the action is explicitly set) to third party applications. Due to this, a malicious app can use this to broadcast intent with the same permissions and identity of the Settings application, which runs as SYSTEM uid.

tags | exploit

advisories | CVE-2014-8609

SHA-256 | cfc2aeebb8ce7b28e800f8cd2c1a2ef4f012afd9da67892dea7842b3fef42e7c

Download | Favorite | View